
Fix SQLi in admin and members reports/edit controllers #645

* Previously the incident id was not sanitized before being used in
  the geometry query.
rjmackay committed Jul 1, 2012
1 parent 3438eb8 commit 3f14fa0d09ac7e6ad69f5fa1443a7ea4df327381
Showing with 4 additions and 4 deletions.
  1. +2 −2 application/controllers/admin/reports.php
  2. +2 −2 application/controllers/members/reports.php
@@ -707,8 +707,8 @@ public function edit($id = FALSE, $saved = FALSE)
$sql = "SELECT AsText(geometry) as geometry, geometry_label,
geometry_comment, geometry_color, geometry_strokewidth
FROM ".Kohana::config('database.default.table_prefix')."geometry
WHERE incident_id=".$id;
$query = $db->query($sql);
WHERE incident_id = ?";
$query = $db->query($sql, $id);
foreach ( $query as $item )
{
$geometry = array(
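Review bot: The bound `$id` is still whatever reached `edit()`, whose signature defaults it to FALSE and whose body begins outside the hunk, so the query is now injection-safe but nothing visible here shows that a missing or non-numeric id is validated before it is bound. If the earlier part of `edit()` does not already do that, casting at the call site, `$query = $db->query($sql, (int) $id);`, makes the intended type explicit and is cheap defense in depth (assuming this is the Kohana 2.x positional-bind form of `Database::query()`, which escapes the bound value). The identical statement in the members/reports.php hunk (@@ -496) raises the same question. Separately, the same SQL is duplicated verbatim in both controllers, and the fact that one defect had to be fixed twice argues for moving this geometry lookup into a shared model method so future changes land in one place.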
@@ -496,8 +496,8 @@ public function edit($id = FALSE, $saved = FALSE)
$sql = "SELECT AsText(geometry) as geometry, geometry_label,
geometry_comment, geometry_color, geometry_strokewidth
FROM ".Kohana::config('database.default.table_prefix')."geometry
WHERE incident_id=".$id;
$query = $db->query($sql);
WHERE incident_id = ?";
$query = $db->query($sql, $id);
foreach ( $query as $item )
{
$geometry = array(

